There are things in life that really were better in the “good old days,” which is why people reminisce about times that were simpler, safer and cheaper. When it comes to IT security, though, going back to simpler times is rarely a wise option. More to the point: are you still relying on older technology to keep your content safe because it is what you have always used and are comfortable with, even though it leaves you exposed to current cyber threats?
Early attempts to keep malware out of an organization worked by cataloging distinguishing features of known malicious files, such as a hash of the file or a characteristic byte sequence, as “signatures,” and then putting filters at the network boundary to block anything carrying a catalogued signature.
Ultimately, signature-based security is best for dealing with known threats. According to an InfoSecurity Magazine article:
“When an anti-malware solution provider identifies an object as malicious, its signature is added to a database of known malware. These repositories may contain hundreds of millions of signatures that identify malicious objects. This method of identifying malicious objects has been the primary technique used by malware products and remains the base approach used by the latest firewalls, email and network gateways.
Signature-based malware detection technology has a number of strengths, the main being simply that it is well known and understood – the very first anti-virus programs used this approach. It is also speedy, simple to run, and widely available. Above all else, it provides good protection from the many millions of older, but still active threats.”
Unfortunately, signature-based security fails outright when no signature for a sample exists yet, which is the case for zero-day malware, and in practice also for a known family that has been repacked or mutated enough to slip past the signatures written for it.
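As an added illustration (not code from the original post or from Solebit), here is a minimal signature-based scanner in Python with the two common signature kinds: an exact SHA-256 hash and a YARA-style byte pattern with a wildcard byte. The samples are constructed byte strings that stand in for a catalogued malicious file, a variant with one byte changed, an XOR-“packed” copy and a benign file; none of them is real malware, and the marker string, the XOR key and the rule name are all made up for the example.

```python
import hashlib
import re

# Constructed stand-ins for files, not real malware. The "payload" is a marker
# string followed by a version byte and a three-byte trailer.
HEADER = b"MZ\x90\x00" + b"\x00" * 8
SAMPLE = HEADER + b"EVIL_PAYLOAD" + b"\x01" + b"\x90\x90\xcc"   # the catalogued file
VARIANT = HEADER + b"EVIL_PAYLOAD" + b"\x02" + b"\x90\x90\xcc"  # one byte differs
BENIGN = HEADER + b"hello world" + b"\xc3"


def xor_pack(blob: bytes, key: int) -> bytes:
    """Keep the 4-byte header, XOR everything else. Stands in for the effect a
    packer/crypter has on the bytes on disk (no unpacking stub is modelled):
    the file would do the same thing when run, but no longer resembles SAMPLE."""
    return blob[:4] + bytes(b ^ key for b in blob[4:])


PACKED = xor_pack(SAMPLE, 0x5A)

# The signature database, built only from what the vendor has already seen.
HASH_DB = {hashlib.sha256(SAMPLE).hexdigest()}
BYTE_RULES = {
    # Literal marker, one wildcard byte (the version), then the trailer.
    # Equivalent to a YARA hex string { 45 56 49 4C 5F ... ?? 90 90 CC }.
    "evil_payload": re.compile(rb"EVIL_PAYLOAD.\x90\x90\xcc", re.DOTALL),
}


def scan(blob: bytes) -> dict:
    """Return which signatures matched and whether the file would be blocked."""
    digest = hashlib.sha256(blob).hexdigest()
    rule_hits = [name for name, rx in BYTE_RULES.items() if rx.search(blob)]
    return {
        "hash_hit": digest in HASH_DB,
        "rule_hits": rule_hits,
        "flagged": digest in HASH_DB or bool(rule_hits),
    }


def demo() -> dict:
    """Verdict per constructed file."""
    files = {"sample": SAMPLE, "variant": VARIANT, "packed": PACKED, "benign": BENIGN}
    return {name: scan(blob)["flagged"] for name, blob in files.items()}


if __name__ == "__main__":
    for name, blob in {"sample": SAMPLE, "variant": VARIANT,
                       "packed": PACKED, "benign": BENIGN}.items():
        print(f"{name:8s} {scan(blob)}")
```

The catalogued sample is caught by both signature kinds. The variant escapes the hash but the wildcard pattern still catches it, which is why pattern rules are preferred over plain hashes. The packed copy matches neither, even though it would behave identically when run, and an analyst can only write the next rule after someone has seen and submitted that form; that gap is the window the paragraph above describes.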
Behavior-based IT security solutions watch for deviations from what is considered normal activity and decide whether each anomaly is a threat or can be ignored. Sandboxes, which detonate a suspicious file in an instrumented environment and record what it does, are the primary vehicle for behavior-based analysis across networks today, and they catch zero-day malware that no signature-based solution can.
Even though behavior-based security can catch zero-day malware, it has inherent downsides:
- It’s slow: By the nature of how sandboxes operate, every file or message that enters your network has to be routed through the sandbox and “detonated” to determine whether malware is hidden in it, and each detonation has to run long enough for the behavior to show. This adds real delay, especially in organizations that move tens of thousands to millions of emails and files a day.
- It’s costly: The hardware needed for a sandbox depends directly on your application environment, because you have to reproduce every client configuration you want to test (operating system versions, office suites, document readers, browsers) for the analysis to be representative. That is expensive in hardware and software licences, and the staff effort to keep those images current with the latest updates is not insignificant either.
- It can be evaded: Sandbox evasion techniques are openly published. Malware can fingerprint the analysis environment (few CPU cores, short uptime, no user interaction, known virtualization artifacts) and stay dormant until it believes it is on a real host, or it can attack the sandbox itself; see Michael Mimoso’s Threatpost article “Using Kernel Exploits To Bypass Sandboxes For Fun And Profit” for an example of the latter.
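To make the behavior-based approach and its evasion concrete, here is an added example in Python (not code from the original post or from Solebit) of the kind of scoring a sandbox applies to the API trace it records, together with a modelled evasive sample that fingerprints its environment before deciding what to do. The API names, rule weights, threshold, file paths, hostnames and the two environment profiles are all assumptions chosen for the illustration, and the evasion checks are the generic ones (core count, RAM, uptime, hostname, mouse movement), not those of any specific malware family.

```python
import re
from dataclasses import dataclass


@dataclass
class Event:
    """One API call as a sandbox would log it (names are illustrative)."""
    api: str
    arg: str = ""


# Behavioural rules: (name, weight, predicate over the whole trace). Weights and
# threshold are assumptions for this example, not a real product's tuning.
RULES = [
    ("drops_exe_in_appdata", 3,
     lambda t: any(e.api == "WriteFile" and "\\appdata\\" in e.arg.lower()
                   and e.arg.lower().endswith(".exe") for e in t)),
    ("run_key_persistence", 3,
     lambda t: any(e.api == "RegSetValue"
                   and "currentversion\\run" in e.arg.lower() for e in t)),
    ("deletes_shadow_copies", 5,
     lambda t: any(e.api == "CreateProcess" and "vssadmin" in e.arg.lower()
                   and "delete shadows" in e.arg.lower() for e in t)),
    ("beacons_to_raw_ip", 2,
     lambda t: any(e.api == "Connect"
                   and re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}:\d+", e.arg) for e in t)),
]
THRESHOLD = 5


def score(trace: list[Event]) -> tuple[int, list[str]]:
    """Total weight of the rules that fired, and their names."""
    hits = [(name, weight) for name, weight, pred in RULES if pred(trace)]
    return sum(w for _, w in hits), [n for n, _ in hits]


def verdict(trace: list[Event]) -> str:
    return "malicious" if score(trace)[0] >= THRESHOLD else "clean"


# Two constructed environments: a typical analysis VM and a real workstation.
SANDBOX_ENV = {"cpus": 1, "ram_gb": 2, "uptime_min": 3,
               "hostname": "SANDBOX-PC", "mouse_moved": False}
VICTIM_ENV = {"cpus": 8, "ram_gb": 16, "uptime_min": 5400,
              "hostname": "FIN-LAPTOP-22", "mouse_moved": True}


def looks_like_sandbox(env: dict) -> bool:
    """Generic environment fingerprinting of the kind evasive samples perform."""
    return (env["cpus"] < 2 or env["ram_gb"] < 4 or env["uptime_min"] < 10
            or "sandbox" in env["hostname"].lower() or not env["mouse_moved"])


def evasive_sample(env: dict) -> list[Event]:
    """The trace the modelled sample produces: it probes first, and if it believes
    it is being watched it exits before doing anything a behavioural rule scores."""
    trace = [Event("GetSystemInfo"), Event("GetTickCount"), Event("GetCursorPos")]
    if looks_like_sandbox(env):
        return trace + [Event("ExitProcess", "0")]
    return trace + [
        Event("WriteFile", r"C:\Users\alice\AppData\Roaming\svchost.exe"),
        Event("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost"),
        Event("CreateProcess", "vssadmin delete shadows /all /quiet"),
        Event("Connect", "203.0.113.7:443"),   # TEST-NET-3 address, never routable
    ]


def demo() -> dict:
    """Same binary, two verdicts, depending only on where it was detonated."""
    return {"in_sandbox": verdict(evasive_sample(SANDBOX_ENV)),
            "on_victim": verdict(evasive_sample(VICTIM_ENV))}


if __name__ == "__main__":
    for env_name, env in (("sandbox", SANDBOX_ENV), ("victim", VICTIM_ENV)):
        total, names = score(evasive_sample(env))
        print(f"{env_name:8s} score={total:2d} rules={names}")
```

The point is not the particular checks but that the verdict depends on the environment the file was run in: the sandbox sees three harmless probes and a clean exit and scores the file as clean, while the same file on a real host trips every rule. Repacking the bytes does not help the attacker here, because the trace is unchanged; gating on the environment does. Defenders counter by making the sandbox look like a workstation (more cores, longer uptime, simulated user input) and by letting detonations run longer, which is exactly the slowness and cost listed above.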
Static Analysis-Based Security
Solebit’s SoleGATE uses static analysis, which is faster, more accurate, not dependent on the OS version, and covers 100% of the code with complete visibility. Because every line of code is evaluated rather than executed, sandbox evasion techniques have nothing to trigger on. The platform is agnostic to file type, client-side application and client operating system. Unlike a sandbox, which has to simulate specific customer environments, SoleGATE provides protection regardless of the operating system, CPU architecture and role (client or server) of the targeted machine.
See for yourself what SoleGATE can do to deliver evasion-proof security for your organization. Register for a free trial today.